Jump to:navigation, search
Wiki

UTM Zero-Touch-Enrollment

From Securepoint Wiki





























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden



























Zero-touch enrollment for UTMs in the Unified Security Console

Last adaption: 12.2025

New:
notempty
This article refers to a Beta version
-
Access: portal.securepoint.cloud  Unified Security Console  UTM Zero-Touch

Prerequisite

The use of zero-touch for UTM is only possible from UTM version 14.0 onwards.

notempty
The serial number and zero-touch PIN are shown in advance on the invoice when ordering via Securepoint

One day after the hardware has been shipped, the invoice will be available for download in the Reseller Portal under the menu Resellerportal Invoices  zum ‍Download.

The serial number and zero-touch PIN can be found here.

In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden
















Order

The information for the configuration of a zero-touch UTM is communicated in advance with the invoice.
This allows a zero-touch profile to be created in advance with all the necessary details.

  • Initially, this is only possible for orders for purchase devices directly from Securepoint Sales.
  • Orders placed with other distributors cannot yet be delivered with zero-touch information.
    • In addition to a license and a configuration file, the ‘’'serial number'‘’ and the ‘’'Zero-Touch PIN'‘’ are required to create a zero-touch profile in the Unified Security Console (USC).

      This information is sent with the invoice and the delivery note.
      The delivery bill is enclosed with the device.


    Download the invoice

    Menu my.securepoint.de/invoices Resellerportal Rechnungen

    • The invoice with the zero-touch information can usually be found ‘’'one day after dispatch'‘’ of the goods in your reseller portal in the ‘'Invoices’' menu
    • The invoice can be downloaded as a pdf file using the ‍Download button.


    Invoice with zero-touch information
    Information on the invoice
    • On the invoice (and also on the delivery bill) you will find the serial number of the UTM
    • and the zero-touch PIN

    Download option on invoice and delivery bill
    Download the Zero-Touch information
    • The zero-touch information can also be saved as a
      • csv file or
      • as a stand-alone PDF document
    downloaded.
    This contains
    • ID number of the invoice recipient
    • Account name of the invoice recipient
    • Customer order no.
    • Invoice date:
    • Invoice no.
    • Not' included are invoice amount and further payment information

    Download links as URL and QR code can also be found on the invoice and delivery bill.

    Create zero-touch configuration

    • A profile for this UTM can then be created in the Unified Security Portal (USP) in the Unified Security Console UTM Zero-Touch  menu using the  Add profile button.
    • The UTM now only requires an IP address on interface A0 via DHCP and access to the Internet for commissioning.
    • After a few minutes (approx. 3 minutes) and 2(!) restarts, the UTM is ready for use with the configuration created.

    Introduction

    With the zero-touch functionality of the UTM, it is possible to make the UTM operational immediately after unpacking and connecting it to a network without manual configuration.
    The UTM is automatically configured and licensed as soon as it connects to the Unified Security Portal. It is also possible to transfer the configuration file from another UTM to the new UTM.
    Welcome page of the UTM Zero-Touch portal page if no Zero-Touch profile exists yet

    Process

    1. UTM: When the UTM is booted for the first time with factory settings (no configuration, no host name), an 8-digit enrollment PIN and a serial number are generated.
    2. Portal: A new zero-touch profile must be created in the portal.
      1. The serial number and enrollment PIN must be entered in the zero-touch profile.
      2. A web session PIN must be entered.
      3. A UTM license must be stored in the zero-touch profile.
      4. Optional: Store a configuration file for a UTM in the zero-touch profile
    notempty
    The following processes happen automatically without you having to do anything yourself.
    1. Portal: If the serial number and enrollment PIN of the UTM match the zero-touch profile from the portal, the UTM is assigned to the tenant at  Unified Security Console UTMs
      1. UTM: The license from the zero-touch profile is transferred to the UTM, applied, and then the UTM reboots.
      2. UTM: Optional: The configuration stored in the zero-touch profile is installed on the UTM and the UTM reboots.
    The UTM is configured and ready for use.

    Generating the UTM enrollment PIN

    UTM screen console during initial or new installation of a UTM
    • When booting for the first time with the UTM's factory settings, an 8-digit enrollment PIN is generated
    • This enrollment PIN and the UTM's serial number are displayed on the UTM screen console
    • The QR code on the UTM screen console is used by Securepoint's shipping department to transmit the serial number and PIN in advance via the delivery note
    • After a short moment (~ 1 min.), the IP address and gateway of the UTM are also displayed notempty
      New as of v14.0.1
    • If the UTM is a virtual machine (VM) or older hardware, a one-time serial number beginning with ZT is generated.
      This serial number is displayed using the CLI command "system info".
    • All other UTM models use their existing serial number, which is stored on the UTM
  • If the UTM is reset to its factory settings"", a new enrollment PIN is generated when it is started up.

    • Add Zero Touch profile

    Click the  Add Zero-Touch Profile Now button or the  Add Profile button to create a new Zero-Touch profile for the UTM.

    In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
    Diese Seite wird auf folgenden Seiten eingebunden





































    figuration of a UTM (.utm file), which can be a local backup or an encrypted clou

















    Caption Value Description
    Name AnyIdeas Name of the profile
    Serial number 1234567890 Unique serial number of the UTM
    Enrollment-PIN A B C D E F G H Enrollment-PIN of the UTM notempty
    The PIN is generated when the UTM is started for the first time after initial or new installation.
     notempty
    The combination of the serial number and PIN must be unique. If a profile with this serial number and PIN already exists, no new profile can be created.
     The serial number and enrollment PIN are displayed on the UTM boot screen or on the Securepoint delivery note.
    Start date 25.11.2024 Date from which the zero-touch profile should be valid
    Expiration date 25.11.2025 Date on which the zero-touch profile expires
    Websession PIN 1 2 3 4 5 6 Web session PIN for the UTM
    Lizenz Lizenz aus Reseller-Portal auswählen
    TTT-Point AG (xxxxxxx)    		 The license can be transferred directly from the reseller portal.
    In this case, a drop-down menu appears for selecting the licenses stored in the RSP.
    Only an existing license can be selected if the login was made via a reseller account.
  • Die Lizenz muss gültig sein!
    • Lokal gespeicherte Lizenz auswählen
    UTM-Lizenz (.pem) hier per Drag & Drop ablegen oder klicken    		 Locally stored UTM license (.pem file) to be applied to the UTM
  • Die Lizenz muss gültig sein!
    • Configuration UTM-Config-TTT-Point-III.utm Optional configuration of a UTM (.utm file), which can be a local backup or an encrypted cloud backup
    Located under  Unified Security Console UTMs → UTM tile → Tab  Cloud Backup  Download button

    Further information can be found in the wiki article Configuration management
  • The configuration cannot be changed retrospectively! If a different configuration is to be used, a new zero-touch profile must be created.
    • Configuration password     The password to decrypt the UTM configuration
    Up­date auf die ak­tu­el­le UTM-Ver­si­on notempty
    New as of: UTM v14.1.1
    		   
    notempty
    Ist erst einstellbar und wird erst ausgeführt wenn bei Konfiguration eine UTM-Konfiguration hinterlegt wurden ist!
    • Ab UTM-Version 14.1.1 wird die UTM vor dem Einspielen der Konfiguration auf die aktuelle Version aktualisiert, um Inkompatibilitäten mit der hier ausgewählten Konfiguration zu vermeiden
    • Wir empfehlen dringend, diese Einstellung nur in berechtigten Ausnahmesituationen zu deaktivieren, damit das Zero-Touch Enrollment erfolgreich durchgeführt werden kann
    UTM AGB    By activating, you accept the UTM Terms and Conditions
    Privacy Policy UTM    Upon activation, the UTM privacy policy is accepted
    Privacy Policy Unified Security Console    Upon activation, the Unified Security Console (USC) privacy policy is accepted
    Close Closes the page without saving the entries
     Save Saves the entries and creates a new zero-touch tile
    Retrieved from "https://wiki.securepoint.de/index.php?title=USC/Zero-Touch&oldid=99936"